More fully support X-Auth-Request-Redirect header

[webnard]

Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored

This fixes that.

• My change requires a change to the documentation or CHANGELOG.
• I have updated the documentation/CHANGELOG accordingly.
• I have created a feature (non-master) branch for my PR.

[JoelSpeed]

I think previously the header was honoured when going via the login page but not when going directly to the start page as used in the Nginx Auth Request

Happy with the code, could you please add a note to the changelog though and could you expand a little on how you've tested this? Just trying to understand what your use case and behaviour observations have been, thanks

[webnard]

Hi @JoelSpeed -- sorry for the delay there.

We've got a domain that redirects all subdomain requests to internal IP addresses after a successful auth. This directive wasn't working before my changes:

resolver 172.31.0.2; # internal dns lookup
proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;

If the auth request initially came with a POST request with the body rd=http://somesite.somedomain.com, the rd value was respected and redirected accordingly. This new code still gives precedence to the rd form value.

I don't remember exactly how I tested this (probably a couple of curl requests), but I can flesh something out if important.

[iain-buclaw-sociomantic]

Note, I suggested this nearly 2 years ago in bitly/oauth2_proxy#521, we've been running with the patch in production since that time as well.

[JoelSpeed]

Great, LGTM

[loshz]

Thank you and congrats on your first contribution! 🎉